Multi-factor device authentication

ABSTRACT

A method and system for the secure delivery of data to a remote device that has been registered and which requires authentication through the use of a multifactor signature profile is disclosed, and in particular according to certain disclosed aspects, a method and system for ensuring that an authenticated remote device remains authenticated.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No. 13/357,000, entitled “Multi-Factor Device Authentication,” and filed Jan. 24, 2012; which claims the benefit of Provisional Application Ser. No. 61/435,515, filed on Jan. 24, 2011, the contents of which are herein incorporated by reference in their entirety.

BACKGROUND OF THE DISCLOSURE

1. Field of the Disclosure

The disclosure relates generally to a method and system for effecting an initial authentication of a device to which data may be securely distributed, in part by recording and measuring parameters that are not under the control of said device, including the installed environment in which said device is placed, and for verifying that the authentication of said device remains valid by monitoring changes to said measured parameters.

2. General Background

Device authentication is one known tool that is used for network security purposes. Device authentication may be described as based on storing and presenting credentials to obtain access to a network. Credentials may be based on an account/password combination, or on a digital authentication certificate, such as with the International Telecommunication Union (ITU) X.509 standard recommendation. One known problem with an account/password combination and with the digital certificate methods of authentication is that credentials based on these mechanisms may be presented from a device or system that is not the true owner of the credentials, yet may nevertheless be authenticated as valid, thus improperly granting access to the presenting device. For example, the known good credentials of a system could be transported to a rogue system that would be able to use the credentials to authenticate itself. Thus, from an authentication perspective, nothing prevents theft or other falsification of the credentials, because standard device authentication only evaluates the validity of the credentials being presented, without being able to determine whether the presenter should be permitted to use the credentials.

Thus, automatically identifying and authenticating an electronic device in a secure manner typically involves assigning the device an identity certificate, such as an X.509 certificate. However, as described above, the use of such a certificate on its own may present security challenges, such as ensuring that a particular device's certificate is not copied or moved to a counterfeit or rogue device, or that the device itself has not been moved from the intended environment to another, unintended and possibly untrusted environment. Accordingly, it is desirable to address the limitations in the art. For example, there exists a need to provide for a system and method for the secure delivery of content, which allows for secure delivery of content to a secure device, and which does not solely rely on mechanisms such as X.509 certificates to ensure authentication. As another example, there exists a need for the ability to verify that the networked environment of an authenticated device to which data may be securely distributed has not been modified without authorization, in part by recording and measuring parameters that are not under the control of said device.

SUMMARY

Systems and methods for effecting multi-factor device authentication are disclosed. In certain embodiments, systems and methods for authenticating a device are disclosed, which may include the steps of recording an initial multi-factor installation signature associated with the device, determining a subsequent multi-factor installation signature associated with the device, comparing the subsequent multi-factor installation signature against the initial multi-factor installation signature to define an installation signature change profile, and generating an alarm signal indicating whether said installation signature change profile satisfies a change profile tolerance criterion. In some embodiments, the initial multi-factor installation signature may include a network address or a geographical location indicator associated with the media playback device. In some embodiments, a movement indicator or network topology information may be used as part of an installation signature. Other aspects and advantages of various aspects of the present invention can be seen upon review of the figures and of the detailed description that follows.

BRIEF DESCRIPTION OF THE DRAWINGS

By way of example, reference will now be made to the accompanying drawings, which are not to scale.

FIG. 1 illustrates an exemplary networked environment and its relevant components according to aspects of the present invention.

FIG. 2 is an exemplary block diagram of a computing device that may be used to implement aspects of certain embodiments of the present invention.

FIG. 3 is an exemplary block diagram of a networked system environment that may be used to implement aspects of certain embodiments of the present invention.

FIG. 4 depicts a flow chart relating to multifactor device authentication according to an embodiment of the present invention.

DETAILED DESCRIPTION

Those of ordinary skill in the art will realize that the following description of the present invention is illustrative only and not in any way limiting. Other embodiments of the invention will readily suggest themselves to such skilled persons, having the benefit of this disclosure. Reference will now be made in detail to specific implementations of the present invention as illustrated in the accompanying drawings. The same reference numbers will be used throughout the drawings and the following description to refer to the same or like parts.

Further, certain figures in this specification are flow charts illustrating methods and systems. It will be understood that each block of these flow charts, and combinations of blocks in these flow charts, may be implemented by computer program instructions. These computer program instructions may be loaded onto a computer or other programmable apparatus to produce a machine, such that the instructions which execute on the computer or other programmable apparatus create structures for implementing the functions specified in the flow chart block or blocks. These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction structures which implement the function specified in the flow chart block or blocks. The computer program instructions may also be loaded onto a computer or other programmable apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flow chart block or blocks.

Accordingly, blocks of the flow charts support combinations of structures for performing the specified functions and combinations of steps for performing the specified functions. It will also be understood that each block of the flow charts, and combinations of blocks in the flow charts, can be implemented by special purpose hardware-based computer systems which perform the specified functions or steps, or combinations of special purpose hardware and computer instructions.

For example, any number of computer programming languages, such as C, C++, C# (CSharp), Perl, Ada, Python, Pascal, Smalltalk, FORTRAN, assembly language, and the like, may be used to implement aspects of the present invention. Further, various programming approaches such as procedural, object-oriented or artificial intelligence techniques may be employed, depending on the requirements of each particular implementation. Compiler programs and/or virtual machine programs executed by computer systems generally translate higher level programming languages to generate sets of machine instructions that may be executed by one or more processors to perform a programmed function or set of functions.

The term “machine-readable medium” should be understood to include any structure that participates in providing data which may be read by an element of a computer system. Such a medium may take many forms, including but not limited to, non-volatile media, volatile media, and transmission media. Non-volatile media include, for example, optical or magnetic disks and other persistent memory. Volatile media include dynamic random access memory (DRAM) and/or static random access memory (SRAM). Transmission media include cables, wires, and fibers, including the wires that comprise a system bus coupled to a processor. Common forms of machine-readable media include, for example, a floppy disk, a flexible disk, a hard disk, a magnetic tape, any other magnetic medium, a CD-ROM, a DVD, any other optical medium.

FIG. 1 depicts an exemplary networked environment 100 in which systems and methods, consistent with exemplary embodiments, may be implemented. As illustrated, networked environment 100 may include a device 110 to be authenticated, which could be a multimedia playback device, a multifactor authentication device 120, and a network 130. The exemplary simplified number of candidate devices 110, multifactor authentication devices 120, and networks 130 illustrated in FIG. 1 can be modified as appropriate in a particular implementation. In practice, there may be additional candidate devices 110, multifactor authentication devices 120, and/or networks 130.

A candidate device 110 may include a client entity. An entity may be defined as a device, such as a computer or another type of computation or communication device, a thread or process running on one of these devices, and/or an object executable by one of these devices. In one embodiment, candidate device 110 may include a personal computer, a laptop or notebook or netbook computer, a wireless device (e.g., a cellular telephone, a personal digital assistant (PDA), tablet computer, etc.), and/or any other type of device with which a multimedia session may be established. In addition, a candidate device 110 may include other types of telephone and/or video conferencing devices. For example, a candidate device 110 may also include a POTS telephone, a Session Initiation Protocol (SIP) telephone, an IP Multimedia Subsystem (IMS) client, a set-top box that provides voice and/or video sessions, and/or other types of telephone/video conferencing devices. In certain embodiments, a candidate device 110 may include any suitable form of multimedia playback device, including, without limitation, a cable or satellite television set-top box, a DVD player, a digital video recorder (DVR), or a digital audio/video stream receiver, decoder, and player.

In certain embodiments, a candidate device 110 may include one or more authentication devices or identifiers, such as a microphone, a camera, a webcam, a fingerprint scanner, an eye scanner, an accelerometer or other movement detector, a geopositional satellite (GPS) subsystem or other geographic location identification capabilities, or a network address or topology indicator. Alternatively, or in addition to the foregoing, depending on the specific requirements of each particular implementation, a candidate device 110 may include one or more authentication devices or identifiers based on electromagnetic scanners or sensors. For example, a pyranometer may be used to measure solar irradiance and thereby to correlate expected exposures to help fix position based on expected vs. actual sunrise and/or sunset time at a given location. As other examples, gamma ray, x-ray, and/or ultraviolet radiation sensors may be used to capture and measure invisible environmental wavelengths that may be persistent in a given environment. As another example, radio frequency strength sensors may be used to detect and compare the signal strength of one or more radio frequency broadcasts (such as “ham radio” signals or other signals) over time, which should stay within a permitted threshold if a candidate device 110 stays within its expected range of locations. Authentication methodologies suitable for each particular implementation, based on any combination of the foregoing, may readily be applied by persons skilled in the art. A candidate device 110 may connect to network 130 via wired and/or wireless connections.

Multifactor authentication device 120 may include an entity capable of determining and/or setting and/or verifying the authentication status of a candidate device 110. As indicated above, an entity may be defined as a device, such as a computer or another type of computation or communication device, a thread or process running on one of these devices, and/or an object executable by one of these devices. In one embodiment, multifactor authentication device 120 may initiate and/or terminate multimedia sessions with candidate device 110. Multifactor authentication device 120 may connect to network 130 via wired and/or wireless connections.

Network 130 may include one or more networks of any type, including a Public Land Mobile Network (PLMN), a telephone network (e.g., a Public Switched Telephone Network (PSTN) and/or a wireless network), a local area network (LAN), a metropolitan area network (MAN), a wide area network (WAN), an Internet Protocol Multimedia Subsystem (IMS) network, a private network, the Internet, an intranet, a satellite-based network, and/or another type of suitable network, depending on the requirements of each particular implementation.

One or more components of networked environment 100 may perform one or more of the tasks described as being performed by one or more other components of networked environment 100.

FIG. 2 is an exemplary diagram of a computing device 200 that may be used to implement aspects of certain embodiments of the present invention, such as aspects of candidate device 110 or of multifactor authentication device 120. Computing device 200 may include a bus 201, one or more processors 205, a main memory 210, a read-only memory (ROM) 215, a storage device 220, one or more input devices 225, one or more output devices 230, and a communication interface 235. Bus 201 may include one or more conductors that permit communication among the components of computing device 200.

Processor 205 may include any type of conventional processor, microprocessor, or processing logic that interprets and executes instructions. Main memory 210 may include a random-access memory (RAM) or another type of dynamic storage device that stores information and instructions for execution by processor 205. ROM 215 may include a conventional ROM device or another type of static storage device that stores static information and instructions for use by processor 205. Storage device 220 may include a magnetic and/or optical recording medium and its corresponding drive.

Input device(s) 225 may include one or more conventional mechanisms that permit a user to input information to computing device 200, such as a keyboard, a mouse, a pen, a stylus, handwriting recognition, voice recognition, biometric mechanisms, and the like. Output device(s) 230 may include one or more conventional mechanisms that output information to the user, including a display, a projector, an A/V receiver, a printer, a speaker, and the like. Communication interface 235 may include any transceiver-like mechanism that enables computing device/server 200 to communicate with other devices and/or systems. For example, communication interface 235 may include mechanisms for communicating with another device or system via a network, such as network 130 as shown in FIG. 1.

As will be described in detail below, computing device 200 may perform operations based on software instructions that may be read into memory 210 from another computer-readable medium, such as data storage device 220, or from another device via communication interface 235. The software instructions contained in memory 210 cause processor 205 to perform processes that will be described later. Alternatively, hardwired circuitry may be used in place of or in combination with software instructions to implement processes consistent with the present invention. Thus, various implementations are not limited to any specific combination of hardware circuitry and software.

A web browser comprising a web browser user interface may be used to display information (such as textual and graphical information) on the computing device 200. The web browser may comprise any type of visual display capable of displaying information received via the network 130 shown in FIG. 1, such as Microsoft's Internet Explorer browser, Netscape's Navigator browser, Mozilla's Firefox browser, PalmSource's Web Browser, Google's Chrome browser or any other commercially available or customized browsing or other application software capable of communicating with network 130. The computing device 200 may also include a browser assistant. The browser assistant may include a plug-in, an applet, a dynamic link library (DLL), or a similar executable object or process. Further, the browser assistant may be a toolbar, software button, or menu that provides an extension to the web browser. Alternatively, the browser assistant may be a part of the web browser, in which case the browser would implement the functionality of the browser assistant.

The browser and/or the browser assistant may act as an intermediary between the user and the computing device 200 and/or the network 130. For example, source data or other information received from devices connected to the network 130 may be output via the browser. Also, both the browser and the browser assistant are capable of performing operations on the received source information prior to outputting the source information. Further, the browser and/or the browser assistant may receive user input and transmit the inputted data to devices connected to network 130.

Similarly, the embodiment of the present invention described herein is discussed in the context of the global data communication network commonly referred to as the Internet. Those skilled in the art will realize that embodiments of the present invention may use any other suitable data communication network, including without limitation direct point-to-point data communication systems, dial-up networks, personal or corporate Intranets, proprietary networks, or combinations of any of these with or without connections to the Internet.

In certain embodiments, aspects of the present invention provide a method, system and apparatus for the secure delivery of audiovisual content to a remote device connected to a network that is registered and identified by a signature using a multi-factor security approach to device authentication and verification that provides levels of security that typically may require human intervention to accomplish.

FIG. 3 depicts an exemplary block diagram of a networked system environment that may be used to implement aspects of certain embodiments of the present invention. Signals and information being transmitted from or received at various satellite-based systems such as GPS, TV/radio, or private systems 310 may be incorporated into the communication paths at any suitable location. A monitoring service 320 may be coupled to any suitable network such as the Internet 340 via a data center network 330. A candidate device to be monitored (shown within home network 360) may use an assigned X.509 certificate to securely identify itself. The first time the candidate device registers with an authentication device, the authentication device also records the public Internet IP address used by the candidate device, and from that information determines an approximate geographical fix for the candidate device and then begins a process to capture the initial characteristics of the network path between the authentication device and the candidate device. In this step, the authentication device measures and records characteristics such as the Internet Service Provider (ISP) network 350, intermediate devices' network protocol implementation characteristics, the round-trip communications latency, the number of intermediate network router hops and potentially other relevant network-path-related characteristics. This information is used to form an installation signature associated with the candidate device. It should be noted that many of the factors or parameters listed above are typically not under the control of the candidate device, and that any subset of these parameters may be used according to aspects of the present invention, depending on the requirements of each particular implementation.

Furthermore, during the initial registration phase, a phone number or International Mobile Equipment Identity (IMEI) number or other identifier of a GPS-enabled, cellular network device (see, e.g., item 380 in FIG. 3) may also be provided. This cellular phone may be used to finalize a candidate device's registration by a user using the phone to access a link on a candidate device registration web-portal. This final step may provide a more accurate GPS fix or other location identifier associated with the candidate device.

These sets of information may be used to determine the physical location of a candidate device, and may further couple that location with attributes of the network used to communicate with the device. Whenever the installation signature needs to be verified, the candidate device may prompt or instruct a user to access a candidate device registration web-portal using a GPS-enabled cellular phone (see, e.g., item 380 in FIG. 3). If the GPS location from the cellular device does not match the location when initially registered, then users may be required to speak to a system operator to manually confirm their identity and explain the reasons why the location of the candidate device has changed.

Other factors that may be determined, recorded, and tracked as part of the multi-factor authentication method and system according to aspects of the present invention include:

A GPS satellite and/or receiver to provide accurate physical location definition;

An embedded motion sensor, such as an accelerometer;

Publicly visible Internet address (IP Address) to provide a logical association between a network and an account holder;

Information provided by commercial “IP to location” services, GPS data and local government housing data;

Ethernet MAC addresses of devices in a portion of a network path between a candidate device and an authentication server;

The route that data takes to travel between a candidate device and an authentication server, such as the information that may be provided using the UNIX tool “traceroute” or the Windows tool “tracert.exe”;

Any auxiliary equipment that interfaces with candidate devices may also be used to generate the installation signature by obtaining the auxiliary equipment's unique identifiers (for example, HDMI projectors (see, e.g., item 390 in FIG. 3) and other devices that are HDCP-compliant can present a unique device ID that may be used to form a portion of an installation's signature);

Signal strength as a parameter from different sources;

Different signal types (cell phones, broadcast radio/TV, etc.), embedded IDs in received signals, satellite broadcasts, neighboring smart meter beacons, etc.;

Local ISP info;

Local cable TV program guide (or actual, captured video sequences) as a way of validating location and ISP;

Reference monitored equipment (see, e.g., items 370 in FIG. 3) that is installed and managed by a trusted authority at any location and is used to gather metrics related to behavior seen on actual monitored pieces of equipment (candidate devices) that are near the reference equipment;

Seismic sensors, which may be confirmed through motion-detection circuitry within a candidate device;

Weather and other published environmental characteristics (e.g., temperature, barometric pressure, etc.);

Internal device hardware signatures from integrated circuits and/or subsystems within a candidate device (hard disk drive IDs, RAID-array IDs, etc.);

Internal device software signatures associated with a candidate device, such as information provided by device drivers, the operating system, installed applications, etc.;

User information stored in a candidate device;

Physical tilt information from a tilt sensor in a device; and/or

Compass heading information from a magnetic sensor in a device.

As has already been mentioned, many of the factors or parameters listed above are typically not under the control of the candidate device, and any subset of these parameters may be used according to aspects of the present invention, depending on the requirements of each particular implementation.
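As an added illustration of the network-route factor in the list above (the output of “traceroute” or “tracert.exe”), and not code from the patent or its applicants, the following Python turns either tool's output into the topology portion of an installation signature: the hop count, the ordered hop identities, and the round-trip latency to the last hop. The two sample outputs are constructed for this example from documentation and private address ranges and describe no real path; the `Hop`, `parse_trace` and `path_signature` names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in UNIX traceroute format; addresses are documentation/private
# ranges and the path is invented for this example.
SAMPLE_TRACEROUTE = """\
traceroute to auth.example.test (203.0.113.10), 30 hops max, 60 byte packets
 1  gateway (192.168.1.1)  0.812 ms  0.701 ms  0.688 ms
 2  10.20.0.1 (10.20.0.1)  9.431 ms  9.102 ms  9.377 ms
 3  * * *
 4  198.51.100.7 (198.51.100.7)  18.204 ms  17.950 ms  18.122 ms
 5  auth.example.test (203.0.113.10)  24.513 ms  24.201 ms  24.388 ms
"""

# Constructed sample in Windows tracert.exe format for the same invented path.
SAMPLE_TRACERT = """\
Tracing route to auth.example.test [203.0.113.10]
over a maximum of 30 hops:

  1     1 ms     1 ms    <1 ms  192.168.1.1
  2    10 ms     9 ms     9 ms  10.20.0.1
  3     *        *        *     Request timed out.
  4    18 ms    18 ms    18 ms  198.51.100.7
  5    25 ms    24 ms    24 ms  203.0.113.10

Trace complete.
"""

HOP_LINE = re.compile(r"^\s*(\d+)\s+(.*\S)\s*$")   # hop number, then the rest of the line
IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
PROBE_MS = re.compile(r"(<?\d+(?:\.\d+)?)\s*ms")   # "<1 ms" (tracert) or "0.812 ms" (traceroute)


@dataclass(frozen=True)
class Hop:
    index: int
    address: Optional[str]    # None when no probe was answered ("* * *" / "Request timed out.")
    rtt_ms: Optional[float]   # mean of the probes that answered, None when none did


def parse_trace(output: str) -> List[Hop]:
    """Parse either traceroute or tracert.exe output into an ordered hop list.
    Lines that do not start with a hop number (banners, 'Trace complete.') are skipped."""
    hops: List[Hop] = []
    for line in output.splitlines():
        m = HOP_LINE.match(line)
        if not m:
            continue
        index, rest = int(m.group(1)), m.group(2)
        addrs = IPV4.findall(rest)
        probes = [float(v.lstrip("<")) for v in PROBE_MS.findall(rest)]
        hops.append(Hop(
            index=index,
            address=addrs[-1] if addrs else None,
            rtt_ms=sum(probes) / len(probes) if probes else None,
        ))
    return hops


def path_signature(hops: List[Hop]) -> Dict[str, object]:
    """Topology portion of an installation signature: how many hops, which ones, and
    the end-to-end latency. Non-responding hops stay as None so a later comparison can
    treat them as 'unknown' rather than 'changed'."""
    return {
        "hop_count": len(hops),
        "hop_ids": tuple(h.address for h in hops),
        "rtt_ms": hops[-1].rtt_ms if hops else None,
    }


if __name__ == "__main__":
    for label, text in (("traceroute", SAMPLE_TRACEROUTE), ("tracert", SAMPLE_TRACERT)):
        print(label, path_signature(parse_trace(text)))
```

Both sample outputs parse to the same five hop identities, which is the property a verifier wants: the recorded signature should not depend on which tool produced the trace. Hops that answer no probe are kept as `None` rather than dropped, so that the hop count and the positions of the known hops stay comparable between the initial and a later measurement.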

FIG. 4 depicts a flow chart relating to multi-factor device authentication according to certain embodiments of the present invention. At step 400, an initial multi-factor installation signature associated with a candidate device such as a media playback device is recorded. The installation signature may be based on factors such as a network address associated with the candidate device, a geographical location indicator based on such a network address, any other geographical location indicator associated with the candidate device, a movement indicator associated with the candidate device (such as an indicator based on accelerometers, seismometers, or any other suitable sensor), a network topology signature associated with one or more parameters of a network path between the candidate device and an authentication server, or any other suitable combination of factors or variables. The complexity of the algorithms used to determine an installation signature may be determined by those skilled in the art, depending on the particular requirements of each implementation.

At step 410, a subsequent multi-factor installation signature associated with the candidate device is determined. For example, the initial multi-factor installation signature may be recorded during initial installation of a candidate device, while a subsequent multi-factor installation signature may be determined at a later time, such as when a candidate device attempts to access or play back information that is intended to be used only by properly authenticated candidate devices.

At step 420, the subsequent multi-factor installation signature is compared against the initial multi-factor installation signature to define an installation signature change profile. For example, an installation change profile may include information relating to any change of physical location of a candidate device, or to any change in the network topology of a network path between a candidate device and an authentication server or device.

At step 430, an alarm signal is generated indicating whether said installation signature change profile satisfies a change profile tolerance criterion. For example, if the installation signature change profile indicates that the location of a candidate device has changed by more than a predetermined distance, and/or that the network topology has changed, an alarm signal may be generated. Such an alarm signal may be used to prevent unauthorized playback or other use of protected content or information by a candidate device. Alternatively, without limitation as to the possible implementation variations, the alarm signal may be generated only if the change profile indicates that no change threshold has been exceeded, in which case the alarm signal may be used to authorize playback or other use of protected content or information by a candidate device.
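The registration flow of FIG. 3 and steps 400 through 430 above, worked through as an added Python example that is not the patent's own code: a signature record holding a few of the listed factors, a change profile computed from an initial and a subsequent signature (step 420), and an alarm decision against a tolerance criterion (step 430). The signatures, tolerance values, addresses and coordinates are constructed for the example; the hop lists are in the form a traceroute parser would produce, with `None` for hops that did not answer; the `InstallationSignature`, `Tolerance`, `ChangeProfile`, `change_profile` and `evaluate` names are this example's own.

```python
import math
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class InstallationSignature:
    """A subset of the listed factors; all but the public IP are outside the device's control."""
    public_ip: str
    location: Tuple[float, float]            # (latitude, longitude) in degrees, from IP geolocation or a GPS phone
    hop_ids: Tuple[Optional[str], ...]       # ordered hop identities toward the auth server; None = no answer
    aux_device_ids: FrozenSet[str]           # identifiers of attached equipment, e.g. an HDCP sink
    rssi_dbm: Dict[str, float]               # received signal strength per monitored broadcast source


@dataclass(frozen=True)
class Tolerance:
    """Change profile tolerance criterion (constructed values)."""
    max_distance_km: float = 5.0
    max_hop_count_delta: int = 1
    max_changed_hops: int = 1
    allow_aux_change: bool = False
    max_rssi_delta_db: float = 10.0


@dataclass(frozen=True)
class ChangeProfile:
    ip_changed: bool
    distance_km: float
    hop_count_delta: int
    changed_hops: int
    aux_added: FrozenSet[str]
    aux_removed: FrozenSet[str]
    rssi_deltas: Dict[str, float]


def haversine_km(a: Tuple[float, float], b: Tuple[float, float]) -> float:
    """Great-circle distance between two (lat, lon) points on a 6371 km sphere."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = math.sin((lat2 - lat1) / 2) ** 2 + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def change_profile(initial: InstallationSignature, later: InstallationSignature) -> ChangeProfile:
    """Step 420: compare a subsequent signature against the recorded initial one.
    A hop that did not answer on either side is 'unknown', not evidence of a change."""
    common = min(len(initial.hop_ids), len(later.hop_ids))
    changed = sum(
        1 for i in range(common)
        if initial.hop_ids[i] is not None and later.hop_ids[i] is not None
        and initial.hop_ids[i] != later.hop_ids[i]
    )
    sources = set(initial.rssi_dbm) & set(later.rssi_dbm)
    return ChangeProfile(
        ip_changed=initial.public_ip != later.public_ip,
        distance_km=haversine_km(initial.location, later.location),
        hop_count_delta=abs(len(initial.hop_ids) - len(later.hop_ids)),
        changed_hops=changed,
        aux_added=later.aux_device_ids - initial.aux_device_ids,
        aux_removed=initial.aux_device_ids - later.aux_device_ids,
        rssi_deltas={s: abs(initial.rssi_dbm[s] - later.rssi_dbm[s]) for s in sources},
    )


def evaluate(profile: ChangeProfile, tol: Tolerance) -> Tuple[bool, List[str]]:
    """Step 430: returns (alarm, reasons). A changed public IP alone is not a reason, since
    residential addresses are re-leased; what matters is where the new address resolves to."""
    reasons: List[str] = []
    if profile.distance_km > tol.max_distance_km:
        reasons.append(f"location moved {profile.distance_km:.1f} km")
    if profile.hop_count_delta > tol.max_hop_count_delta:
        reasons.append(f"hop count changed by {profile.hop_count_delta}")
    if profile.changed_hops > tol.max_changed_hops:
        reasons.append(f"{profile.changed_hops} intermediate hops changed")
    if not tol.allow_aux_change and (profile.aux_added or profile.aux_removed):
        reasons.append("attached equipment changed")
    for src, delta in profile.rssi_deltas.items():
        if delta > tol.max_rssi_delta_db:
            reasons.append(f"signal strength of {src} changed by {delta:.0f} dB")
    return (bool(reasons), reasons)


# Constructed sample signatures: no real device, address, equipment or path.
INITIAL = InstallationSignature(
    public_ip="198.51.100.23", location=(40.7128, -74.0060),
    hop_ids=("192.168.1.1", "10.20.0.1", None, "198.51.100.7", "203.0.113.10"),
    aux_device_ids=frozenset({"hdcp-sink-0001"}), rssi_dbm={"fm-101.1": -62.0},
)
SAME_HOME = InstallationSignature(   # lease renewed, hop 3 now answers, slight RSSI drift
    public_ip="198.51.100.41", location=(40.7130, -74.0055),
    hop_ids=("192.168.1.1", "10.20.0.1", "10.20.0.9", "198.51.100.7", "203.0.113.10"),
    aux_device_ids=frozenset({"hdcp-sink-0001"}), rssi_dbm={"fm-101.1": -65.0},
)
RELOCATED = InstallationSignature(   # device moved to another city behind a different path
    public_ip="203.0.113.77", location=(34.0522, -118.2437),
    hop_ids=("192.168.0.1", "172.16.5.1", "172.16.9.1", "203.0.113.10"),
    aux_device_ids=frozenset({"hdcp-sink-7777"}), rssi_dbm={"fm-101.1": -90.0},
)

if __name__ == "__main__":
    for name, sig in (("same home", SAME_HOME), ("relocated", RELOCATED)):
        alarm, why = evaluate(change_profile(INITIAL, sig), Tolerance())
        print(name, "ALARM" if alarm else "ok", why)
```

`evaluate` implements the first polarity described for step 430 (alarm when the tolerance is violated); the alternative polarity, a signal that authorizes playback when no threshold is exceeded, is the negation of the same boolean. The reasons list is what an operator would see when, as described for FIG. 3, a user is asked to explain why the device's location changed.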

While the above description contains many specifics and certain exemplary embodiments have been described and shown in the accompanying drawings, it is to be understood that such embodiments are merely illustrative of and not restrictive on the broad invention, and that this invention not be limited to the specific constructions and arrangements shown and described, since various other modifications may occur to those ordinarily skilled in the art, as mentioned above. The invention includes any combination or subcombination of the elements from the different species and/or embodiments disclosed herein.

We claim:
1. A computerized method for authenticating a media playback device across a computer network, comprising the steps of: determining, at a multi-factor authentication device capable of communicating with said media playback device across said computer network, the identity and number of intermediate hops across said network between said media playback device and said multi-factor authentication device; forming an initial multi-factor installation signature based on a result of said determining step; recording said initial multi-factor installation signature on a device accessible across said computer network; determining a subsequent multi-factor installation signature based on the identity and number of intermediate hops across said network between said media playback device and said multi-factor authentication device; comparing said subsequent multi-factor installation signature against said initial multi-factor installation signature to define an installation signature change profile; and generating an alarm signal at said multi-factor authentication device, indicating whether said installation signature change profile satisfies a change profile tolerance criterion.
2. The method of claim 1, wherein said initial multi-factor installation signature comprises an X.509 certificate.
3. The method of claim 1, wherein said initial multi-factor installation signature comprises one or more network addresses associated with said media playback device.
4. The method of claim 3, wherein said initial multi-factor installation signature comprises a geographical location based on said one or more network addresses.
5. The method of claim 1, wherein said initial multi-factor installation signature comprises an input from at least one accelerometer.
6. The method of claim 1, wherein said initial multi-factor installation signature comprises network topology data associated with a network path between said media playback device and a media content provider.
7. A computerized method for authenticating a media playback device across a computer network, comprising the steps of: determining, at a multi-factor authentication device capable of communicating with said media playback device across said computer network, the unique identifiers of one or more items of auxiliary equipment coupled to said media playback device so as to enable media playback; forming an initial multi-factor installation signature based on a result of said determining step; recording said initial multi-factor installation signature on a device accessible across said computer network; determining a subsequent multi-factor installation signature based on the unique identifiers of one or more items of auxiliary equipment coupled to said media playback device so as to enable media playback; comparing said subsequent multi-factor installation signature against said initial multi-factor installation signature to define an installation signature change profile; and generating an alarm signal at said multi-factor authentication device, indicating whether said installation signature change profile satisfies a change profile tolerance criterion.
8. The method of claim 7, wherein said one or more items of auxiliary equipment comprise an HDCP-compliant device coupled to said media playback device via a high-definition multimedia interface (“HDMI”), wherein at least one unique HDCP or HDMI parameter is utilized in the generation and verification of the multi-factor installation signature.
 9. The method of claim 7, whereinthe unique identifiers of the auxiliary equipment are utilized in thegeneration and verification of the multi-factor installation signature.10. A computerized method for authenticating a media playback deviceacross a computer network, comprising the steps of: determining, at amulti-factor authentication device capable of communicating with saidmedia playback device across said computer network, characteristics ofthe environment associated with said media playback device based on oneor more electromagnetic sensors integrated into said media playbackdevice and capable of measuring and sending data to said multi-factorauthentication device across said computer network; forming an initialmulti-factor installation signature based on a result of saiddetermining step; recording said initial multi-factor installationsignature on a device accessible across said computer network;determining, at said multi-factor authentication device, a subsequentmulti-factor installation signature based on data received from said oneor more electromagnetic sensors; comparing said subsequent multi-factorinstallation signature against said initial multi-factor installationsignature to define an installation signature change profile; andgenerating an alarm signal at said multi-factor authentication device,indicating whether said installation signature change profile satisfiesa change profile tolerance criterion.
 11. The method of claim 10,wherein said one or more electromagnetic sensors comprise a radio signalstrength sensor.
 12. A system for authenticating a media playback deviceacross a computer network, comprising: a multi-factor authenticationdevice coupled to said media playback device across said computernetwork, comprising means for determining the identity and number ofintermediate hops across said network between said media playback deviceand said multi-factor authentication device, means for forming aninitial multi-factor installation signature based on a result of saiddetermining means, means for recording said initial multi-factorinstallation signature on a device accessible across said computernetwork; means for determining a subsequent multi-factor installationsignature based on the identity and number of intermediate hops acrosssaid network between said media playback device and said multi-factorauthentication device, means for comparing said subsequent multi-factorinstallation signature against said initial multi-factor installationsignature to define an installation signature change profile, and meansfor generating an alarm signal at said multi-factor authenticationdevice, indicating whether said installation signature change profilesatisfies a change profile tolerance criterion.
 13. The system of claim12, wherein said initial multi-factor installation signature comprises aX.509 certificate.
 14. The system of claim 12, wherein said initialmulti-factor installation signature comprises a network addressassociated with said media playback device.
 15. The system of claim 14,wherein said initial multi-factor installation signature comprises ageographical location based on said network address.
 16. The system ofclaim 12, wherein said initial multi-factor installation signaturecomprises an input from at least one accelerometer.
 17. The system ofclaim 12, wherein said initial multi-factor installation signaturecomprises network topology data associated with a network path betweensaid media playback device and a media content provider.
 18. A systemfor authenticating a media playback device across a computer network,comprising the steps of: a multi-factor authentication device coupledwith said media playback device across said computer network, comprisingmeans for determining the unique identifiers of one or more items ofauxiliary equipment coupled to said media playback device so as toenable media playback, means for forming an initial multi-factorinstallation signature based on a result of said determining means,means for recording said initial multi-factor installation signature ona device accessible across said computer network, means for determininga subsequent multi-factor installation signature based on the uniqueidentifiers of one or more items of auxiliary equipment coupled to saidmedia playback device so as to enable media playback, means forcomparing said subsequent multi-factor installation signature againstsaid initial multi-factor installation signature to define aninstallation signature change profile, and means for generating an alarmsignal at said multi-factor authentication device, indicating whethersaid installation signature change profile satisfies a change profiletolerance criterion.
 19. The system of claim 18, wherein said one ormore items of auxiliary equipment comprise a HDCP-compliant devicecoupled to said media playback device via a high-definition multimediainterface (“HDMI”).
 20. A system for authenticating a media playbackdevice across a computer network, comprising: a multi-factorauthentication device coupled to said media playback device across saidcomputer network, comprising means for determining characteristics ofthe environment associated with said media playback device based on oneor more electromagnetic sensors integrated into said media playbackdevice and capable of measuring and sending data to said multi-factorauthentication device across said computer network, means for forming aninitial multi-factor installation signature based on a result of saiddetermining means, means for recording said initial multi-factorinstallation signature on a device accessible across said computernetwork, means for determining, at said multi-factor authenticationdevice, a subsequent multi-factor installation signature based on datareceived from said one or more electromagnetic sensors, means forcomparing said subsequent multi-factor installation signature againstsaid initial multi-factor installation signature to define aninstallation signature change profile, and means for generating an alarmsignal at said multi-factor authentication device, indicating whethersaid installation signature change profile satisfies a change profiletolerance criterion.
 21. The system of claim 20, wherein said one ormore electromagnetic sensors comprise a radio signal strength sensor.
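The procedure shared by claims 7, 10, 12, 18 and 20, as an added Python example that is not code from the patent: an initial multi-factor installation signature is recorded, a later signature is compared against it to define a change profile, and an alarm signal is generated when the change profile exceeds a tolerance criterion. The factor names, the registry, the sample values and the tolerance thresholds are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    """Multi-factor installation signature built from factors the device does not control."""
    hops: tuple          # identities of intermediate hops toward the authentication device
    aux_ids: frozenset   # unique identifiers of HDMI/HDCP auxiliary equipment
    rssi_dbm: float      # radio signal strength reported by an electromagnetic sensor


# Recording step: the authentication device stores each device's initial signature.
REGISTRY = {}


def register(device_id, initial):
    REGISTRY[device_id] = initial


def change_profile(initial, later):
    """Installation signature change profile: how far each factor has drifted."""
    differing = sum(a != b for a, b in zip(initial.hops, later.hops))
    return {
        "hops_changed": differing + abs(len(initial.hops) - len(later.hops)),
        "aux_removed": initial.aux_ids - later.aux_ids,
        "aux_added": later.aux_ids - initial.aux_ids,
        "rssi_delta_db": abs(later.rssi_dbm - initial.rssi_dbm),
    }


def check(device_id, later, max_hops_changed=1, max_rssi_delta_db=10.0):
    """Return (alarm, reasons); alarm is True once the assumed tolerance criterion is exceeded."""
    initial = REGISTRY.get(device_id)
    if initial is None:
        return True, ["device has no recorded initial signature"]
    profile = change_profile(initial, later)
    reasons = []
    if profile["hops_changed"] > max_hops_changed:   # one re-routed hop is tolerated
        reasons.append(f"network path changed ({profile['hops_changed']} hops)")
    if profile["aux_removed"] or profile["aux_added"]:  # any new/missing equipment alarms
        reasons.append("auxiliary equipment identifiers changed")
    if profile["rssi_delta_db"] > max_rssi_delta_db:  # modest radio drift is tolerated
        reasons.append(f"radio environment changed ({profile['rssi_delta_db']:.1f} dB)")
    return bool(reasons), reasons


# Constructed sample values (not taken from the patent).
INITIAL = Signature(("10.0.0.1", "10.1.0.1", "203.0.113.1"), frozenset({"hdmi-sink-A1"}), -55.0)
register("player-001", INITIAL)
```

A subsequent signature with the same hops and equipment and a few dB of radio drift passes, while a device re-appearing behind a different path with different HDMI equipment trips all three factors.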